How can I plan ahead for an encryption virus locking me out of my data?

0

Since being held ransom in order to regain access to my files, I have implemented a deep and comprehensive backup plan. But the fear still haunts me; say I get infected with a virus that can encrypt files on my HD, how am I to plan ahead for this? I'm guessing the answer is to include file versioning in my backup plan, which is something I already do. But what if the virus stays dormant until it becomes a part of all file versions (assuming they are time based)?

CarrotFile

Posted 2013-10-05T08:20:00.540

Reputation: 1

Usually those kinds of viruses would aim at your hard disk content, and hopefully not your external HDD content. You can have an offsite backup which the virus can't touch, unless somehow you backed up the encrypted content. – Darius – 2013-10-05T08:23:48.970

Another suggestion: You can use a Linux distribution for your important files/data. I'm not saying it's 100% impenetrable, but it's LESS LIKELY to be targeted and to execute such a virus. You have some tips about an encryption virus at http://malwaretips.com/blogs/everything-on-your-computer-has-been-fully-encrypted-virus/ and at http://www.bleepingcomputer.com/virus-removal/remove-everything-on-your-computer-has-been-encrypted – Savvas Radevic – 2013-10-05T08:27:13.417

What does it matter what the virus aims at? If it aims at my hard disc content and finds a way in, it could eventually become a part of my backup with me knowing... – CarrotFile – 2013-10-05T10:04:14.590

Answers

3

Back up to read-only media such as CD-R, DVD, etc.; once written, it can't be changed.

You can back up 25 GB on a single-sided Blu-ray.

Steve Liddle

Posted 2013-10-05T08:20:00.540

Reputation: 31

But the virus can lie dormant on the read-only media, eventually becoming a part of all my backups. – CarrotFile – 2013-10-05T10:08:01.840

1

The basic idea is to not give the ransomware easy write access to all backup media.

Multiple backups

Create rotating backups on at least two different media that you store disconnected from your machine. That way ransomware can only encrypt at most one backup before you will notice and let it overwrite the other(s).

Network backup

Back up your files (incrementally) to a network medium, say another machine in the local network or “in the cloud”. I don't think ransomware touches network shares nowadays. If you want to be sure, prevent deletion of old backup data without a password.

Write-protected backup medium

Those will work too, as Steve suggests.

David Foerster

Posted 2013-10-05T08:20:00.540

Reputation: 829

What if I do not notice it while it is dormant until it has found its way onto all backups? – CarrotFile – 2013-10-05T10:10:48.210

Just like biological viruses, computer viruses cannot alter their environment without a host. Checking the backup for malware and removing it is a good idea, though, if you notice one on your machine. – David Foerster – 2013-10-05T10:14:04.567

So basically what I take from you is: If I get infected with a virus that shows itself or is detected by an AV, and damage has already been done, like say some of my files got encrypted, I can go back to a backup, and even if that backup is infected with the dormant virus I can still save the day by removing the threat before it becomes active? – CarrotFile – 2013-10-05T10:57:38.183

Yes. Just take care not to infect the host restoring the data. If you're paranoid about that, use a Linux Live CD. – David Foerster – 2013-10-07T15:03:19.460
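
The rotating-backup advice above depends on noticing encrypted files before the next rotation overwrites the remaining good copy. The following is an added example, not part of the original posts: a pre-rotation check that compares the live tree against a manifest taken at the last good backup. The function names and thresholds are assumptions chosen for illustration.

```python
import hashlib, math, os
from collections import Counter

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (8.0 looks like random/encrypted data)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def snapshot(root: str, sample: int = 65536) -> dict:
    """Map relative path -> (sha256 of file, entropy of its first `sample` bytes)."""
    out = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as f:
                data = f.read()
            out[os.path.relpath(path, root)] = (
                hashlib.sha256(data).hexdigest(), entropy(data[:sample]))
    return out

def safe_to_rotate(prev: dict, cur: dict, max_suspect: float = 0.2,
                   high: float = 7.5, jump: float = 1.0) -> tuple:
    """Decide whether the live tree may overwrite the older backup.

    A file is suspect if it vanished (encrypted copies are often renamed) or
    if its content changed and its entropy rose by `jump` bits to at least
    `high`. Thresholds are assumed values; tune them on your own data.
    Returns (ok, suspects); ok is False when too many files are suspect."""
    suspects = []
    for path, (digest, ent) in prev.items():
        if path not in cur:
            suspects.append(path)
            continue
        new_digest, new_ent = cur[path]
        if new_digest != digest and new_ent >= high and new_ent - ent >= jump:
            suspects.append(path)
    ratio = len(suspects) / len(prev) if prev else 0.0
    return ratio <= max_suspect, sorted(suspects)
```

Store the manifest with the offline backup rather than on the machine being checked. Already-compressed formats (JPEG, ZIP) sit near 8 bits per byte before any encryption, so for those only the missing-file test applies.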